CVE-2022-43452 In Delta Electronics DIAEnergie versions before v1.9.02.001, SQL Injection can be injected.

CVE-2022-43452 In Delta Electronics DIAEnergie versions before v1.9.02.001, SQL Injection can be

injected.

request when DIAEnergie is configured to expose an external database. DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network request when DIAEnergie is configured to expose an external database. CVE-2017-15915 Delta Electronics DIAEnergie versions prior to v1.9.02.001 allow SQL injection due to a configuration issue in the DIAEnergie REST API. An attacker can send a malicious request to the DIAEnergie REST API when DIAEnergie is configured to expose an external database. The REST API can be used to exploit the issue. DIAEnergie versions prior to v1.9.02.001 allow SQL injection due to a configuration issue in the DIAEnergie REST API. An attacker can send a malicious request to the DIAEnergie REST API when DIAEnergie is configured to expose an external database. The REST API can be used to exploit the issue. CVE-2017-15916 Delta Electronics DIAEnergie versions prior to v1.9.02.001 allow SQL injection due to a configuration issue in the DIAEnergie REST API. An attacker can send a malicious request to the DIAEnergie REST API when DIAEnergie is configured to expose an external database. The REST API can be used to exploit the issue. DIAEner

Summary

DIAEnergie versions prior to v1.9.02.001 allow an attacker to inject SQL queries due to a configuration issue in the DIAEnergie REST API. An attacker can send a malicious request to the DIAEnergie REST API when DIAEnergie is configured to expose an external database. The REST API can be used to exploit the issue.
CVE-2022-43452
request when DIAEnergie is configured to expose an external database. DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network request when DIAEnergie is configured to expose an external database. CVE-2017-15915 Delta Electronics DIAEnergie versions prior to v1.9.02.001 allow SQL injection due to a configuration issue in the DIAEnergie REST API. An attacker can send a malicious request to the DIAEnergie REST API when DIAEnergie is configured to expose an external database. The REST API can be used to exploit the issue.
CVE-2017-15916 Delta Electronics DIAEnergie versions prior to v1.9.02.001 allow SQL injection due to a configuration issue in the DIAEnergie REST API

SQL Injection

A SQL injection is when an application takes untrusted data and uses its own logic to process it. When this occurs, the application processes data that was intended for another application. This can lead to a hacker running commands on the database of the application they are attacking. For example, if a user goes to a website that allows a user to enter their email address or password, SQL injection can occur. This would allow the attacker to run commands on the database of the website and steal sensitive data like passwords and emails.
When DIAEnergie versions prior to v1.9.02.001 allow an attack due to configuration issue in REST API, an attacker can send a malicious request when DIAEnergie is configured to expose an external database. The REST API can be used exploit the issue by running commands on the database of DIAEnergie.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe